mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-23 08:36:29 +00:00
Verify HTTP signatures only when request accepts "activity+json" type
This commit is contained in:
parent
36d66d9655
commit
775212121c
2 changed files with 12 additions and 5 deletions
|
@ -4,6 +4,7 @@
|
||||||
|
|
||||||
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
|
import Phoenix.Controller, only: [get_format: 1, text: 2]
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
def init(options) do
|
def init(options) do
|
||||||
|
@ -15,9 +16,13 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
||||||
end
|
end
|
||||||
|
|
||||||
def call(conn, _opts) do
|
def call(conn, _opts) do
|
||||||
conn
|
if get_format(conn) == "activity+json" do
|
||||||
|> maybe_assign_valid_signature()
|
conn
|
||||||
|> maybe_require_signature()
|
|> maybe_assign_valid_signature()
|
||||||
|
|> maybe_require_signature()
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp maybe_assign_valid_signature(conn) do
|
defp maybe_assign_valid_signature(conn) do
|
||||||
|
@ -51,7 +56,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
||||||
if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
|
if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
|
||||||
conn
|
conn
|
||||||
|> put_status(:unauthorized)
|
|> put_status(:unauthorized)
|
||||||
|> Phoenix.Controller.text("Request not signed")
|
|> text("Request not signed")
|
||||||
|> halt()
|
|> halt()
|
||||||
else
|
else
|
||||||
conn
|
conn
|
||||||
|
|
|
@ -7,6 +7,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
|
||||||
alias Pleroma.Web.Plugs.HTTPSignaturePlug
|
alias Pleroma.Web.Plugs.HTTPSignaturePlug
|
||||||
|
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
|
import Phoenix.Controller, only: [put_format: 2]
|
||||||
import Mock
|
import Mock
|
||||||
|
|
||||||
test "it call HTTPSignatures to check validity if the actor sighed it" do
|
test "it call HTTPSignatures to check validity if the actor sighed it" do
|
||||||
|
@ -20,6 +21,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
|
||||||
"signature",
|
"signature",
|
||||||
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
||||||
)
|
)
|
||||||
|
|> put_format("activity+json")
|
||||||
|> HTTPSignaturePlug.call(%{})
|
|> HTTPSignaturePlug.call(%{})
|
||||||
|
|
||||||
assert conn.assigns.valid_signature == true
|
assert conn.assigns.valid_signature == true
|
||||||
|
@ -37,7 +39,7 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
|
||||||
end)
|
end)
|
||||||
|
|
||||||
params = %{"actor" => "http://mastodon.example.org/users/admin"}
|
params = %{"actor" => "http://mastodon.example.org/users/admin"}
|
||||||
conn = build_conn(:get, "/doesntmattter", params)
|
conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
|
||||||
|
|
||||||
[conn: conn]
|
[conn: conn]
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue